The ibm-auth-api JSON object

This object contains the information to configure the connection to Verify.

Table 1. The ibm-auth-api JSON object attributes
Entry Sample value Description
"client-id" "84e8da25-d7ed-47cc-9782-b852cb64365c" This value is required. An IBM® Security Verify API client must be created for use by the IBM Security Verify Bridge for Directory Sync program. The API client must be granted the following API access:
  • Manage users and standard groups
  • Synchronize users and groups
"obf-client-secret" "asjKZsKrbbgNaPe7+kYIcOyWzZdzYNtF4KlCyYoNEFA=" This value is required. The IBM Security Verify client is given a password when it is created, and that password must be set in this configuration setting. The obf-client-secret is provided in an obfuscated form.
Note: The secret can alternatively be provided in clear text by using the "client-secret" option instead. For example:
"client-secret":"XOpiba1XeP"
"protocol" "https" This value is optional and defaults to "https". This value is the protocol that is used to communicate with the IBM Security Verify server. The values "http" or "https" are permitted. When https is used, and cacert.pem is present, the IBM Security Verify server certificate and server name are validated.
"host" "tenant.verify.ibm.com" This value is required. It specifies the IBM Security Verify server that you are using.
"port" 443 This value is optional and defaults to 443. This value is the port that the IBM Security Verify server is listening on for requests.
"max-handles" 16 This value is optional and defaults to 16. This value is the maximum number of parallel connections that the credential provider makes to the IBM Security Verify server to synchronize users and groups.
"proxy" "http://proxy.ibm.com:1080" This value is optional and defaults to not using a proxy, that is, to connecting directly. Set the proxy that is used to access the Verify tenant. The value is a hostname or dotted numerical IP address. A numerical IPv6 address must be written within [brackets].

To specify a port number in this string, append :[port] to the end of the host name. The proxy port defaults to 1080.

The proxy string can be prefixed with [scheme]:// to specify which kind of proxy is used:

  • http:// HTTP Proxy. The default setting when no scheme or proxy type is specified.
  • https:// HTTPS Proxy.
  • socks4:// SOCKS4 Proxy.
  • socks4a:// SOCKS4a Proxy. Proxy resolves URL hostname.
  • socks5:// SOCKS5 Proxy.
  • socks5h:// SOCKS5 Proxy. Proxy resolves URL hostname.

Without a scheme prefix, it defaults to http://. Setting the proxy string to "" (an empty string) explicitly disables the use of a proxy, even if there is an environment variable set for it. A proxy host string can also include the protocol scheme http:// and an embedded user and password.

"proxytunnel" true This value is optional and defaults to true if the proxy is set. Set the proxytunnel parameter to true to make Verify tenant operations tunnel through the HTTP proxy. Using a proxy and tunneling through it are different. Tunneling means that an HTTP CONNECT request is sent to the proxy that asks it to connect to a remote host on a specific port number. The traffic is then passed through the proxy. Proxies tend to allowlist the specific port numbers that they allow CONNECT requests to go to. Often only ports 80 and 443 are allowed.
"connect-timeout" 10 This value is optional and defaults to 10 seconds. It specifies the time in seconds to wait while it tries to open a connection to the IBM Security Verify server. One retry is attempted if the first attempt fails.
"timeout" 20 This value is optional and defaults to 20 seconds. Increase this value to 100 seconds to ensure that long-running operations, such as large group membership changes, do not time out. This value is the amount of time, in seconds, that the IBM Security Verify Bridge for Directory Sync server waits for a response to be received on the IBM Security Verify server connection.